CISA Urges Immediate Patching: Critical Windows SMB Flaw Under Active Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that a vulnerability in the Windows SMB protocol, identified as CVE-2025-33073, is already being actively exploited in real-world attacks. Classified as a high-severity flaw, it allows threat actors to obtain SYSTEM-level privileges on unprotected devices.
The vulnerability affects all versions of Windows Server and Windows 10, as well as Windows 11 up to version 24H2. The flaw stems from an improper implementation of the access control mechanism, enabling an authenticated attacker to escalate privileges within the network. Microsoft addressed the issue on June 20, 2025, though warnings about potential exploitation surfaced well before the patch’s release.
According to Microsoft, the attack scenario relies on coercing a victim into connecting to a server controlled by the attacker. Once the malicious server intercepts communication over the SMB protocol, it can execute code with full system privileges. Exploitation requires only that a user initiate a connection to a spoofed node—something that can easily occur through a crafted script or a deceptive link.
Microsoft confirmed that several security researchers (representatives from CrowdStrike, Synacktiv, SySS GmbH, Google Project Zero, and RedTeam Pentesting GmbH) were aware of the vulnerability. However, the company has yet to comment on CISA’s statement regarding its active exploitation. In the meantime, the agency has added CVE-2025-33073 to its Known Exploited Vulnerabilities Catalog, mandating that all U.S. federal agencies secure their systems by November 10 in accordance with Binding Operational Directive (BOD) 22-01.
CISA also urged all organizations, including private enterprises, to apply the latest security updates without delay, warning that vulnerabilities of this nature are frequently leveraged in cyberattacks. The agency emphasized that flaws in network communication services pose a serious threat to critical information infrastructure and could lead to widespread system compromise.